mirror of
https://github.com/gradio-app/gradio.git
synced 2025-01-18 10:44:33 +08:00
Merge branch 'master' into abidlabs/url
This commit is contained in:
commit
9151bff97d
15
SECURITY.md
Normal file
15
SECURITY.md
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Use this section to tell people about which versions of your project are
|
||||||
|
currently being supported with security updates.
|
||||||
|
|
||||||
|
| Version | Supported |
|
||||||
|
| ------- | ------------------ |
|
||||||
|
| 2.x | :white_check_mark: |
|
||||||
|
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
If you discover a security vulnerability, we would be very grateful if you could email us at team@gradio.app. This is the preferred approach instead of opening a public issue. We take all vulnerability reports seriously, and will work to patch the vulnerability immediately. Whenever possible, we will credit the person or people who report the security vulnerabilities after it has been patched.
|
@ -1,6 +1,6 @@
|
|||||||
Metadata-Version: 1.0
|
Metadata-Version: 1.0
|
||||||
Name: gradio
|
Name: gradio
|
||||||
Version: 2.4.7b9
|
Version: 2.5.1
|
||||||
Summary: Python library for easily interacting with trained machine learning models
|
Summary: Python library for easily interacting with trained machine learning models
|
||||||
Home-page: https://github.com/gradio-app/gradio-UI
|
Home-page: https://github.com/gradio-app/gradio-UI
|
||||||
Author: Abubakar Abid
|
Author: Abubakar Abid
|
||||||
|
@ -377,15 +377,14 @@ def interpret():
|
|||||||
@app.route("/file/<path:path>", methods=["GET"])
|
@app.route("/file/<path:path>", methods=["GET"])
|
||||||
@login_check
|
@login_check
|
||||||
def file(path):
|
def file(path):
|
||||||
path = secure_filename(path)
|
|
||||||
if app.interface.encrypt and isinstance(app.interface.examples, str) and path.startswith(app.interface.examples):
|
if app.interface.encrypt and isinstance(app.interface.examples, str) and path.startswith(app.interface.examples):
|
||||||
with open(os.path.join(app.cwd, path), "rb") as encrypted_file:
|
with open(safe_join(app.cwd, path), "rb") as encrypted_file:
|
||||||
encrypted_data = encrypted_file.read()
|
encrypted_data = encrypted_file.read()
|
||||||
file_data = encryptor.decrypt(
|
file_data = encryptor.decrypt(
|
||||||
app.interface.encryption_key, encrypted_data)
|
app.interface.encryption_key, encrypted_data)
|
||||||
return send_file(io.BytesIO(file_data), attachment_filename=os.path.basename(path))
|
return send_file(io.BytesIO(file_data), attachment_filename=os.path.basename(path))
|
||||||
else:
|
else:
|
||||||
return send_file(os.path.join(app.cwd, path))
|
return send_file(safe_join(app.cwd, path))
|
||||||
|
|
||||||
|
|
||||||
@app.route("/api/queue/push/", methods=["POST"])
|
@app.route("/api/queue/push/", methods=["POST"])
|
||||||
|
@ -1 +1 @@
|
|||||||
2.4.7b9
|
2.5.0
|
||||||
|
2
setup.py
2
setup.py
@ -5,7 +5,7 @@ except ImportError:
|
|||||||
|
|
||||||
setup(
|
setup(
|
||||||
name='gradio',
|
name='gradio',
|
||||||
version='2.4.7b9',
|
version='2.5.1',
|
||||||
include_package_data=True,
|
include_package_data=True,
|
||||||
description='Python library for easily interacting with trained machine learning models',
|
description='Python library for easily interacting with trained machine learning models',
|
||||||
author='Abubakar Abid',
|
author='Abubakar Abid',
|
||||||
|
@ -71,6 +71,11 @@ class TestFlaskRoutes(unittest.TestCase):
|
|||||||
response = self.client.get('/api/')
|
response = self.client.get('/api/')
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
|
def test_static_files_served_safely(self):
|
||||||
|
# Make sure things outside the static folder are not accessible
|
||||||
|
response = self.client.get(r'/static/..%2f..%2fapi_docs.html')
|
||||||
|
self.assertEqual(response.status_code, 500)
|
||||||
|
|
||||||
def test_get_config_route(self):
|
def test_get_config_route(self):
|
||||||
response = self.client.get('/config/')
|
response = self.client.get('/config/')
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
Loading…
Reference in New Issue
Block a user